FunnyMonkey Blog

Bill Fitzgerald | October 21, 2014

Last week, Snapchat had a security breach. The Snapchat response was pretty typical for Snapchat, and unconvincing: they blamed the data leak - over 100,00 pictures that were supposed to be "temporary" - on end users for using third party apps. But Snapchat's record here is spotty at best. In late 2013/early 2014, Snapchat leaked data of about 4.6 million users. Both of these data breaches at Snapchat were preceded by the revelation that the "vanishing" images sent via Snapchat were actually just hidden on your phone - and not deleted - in Snapchat's app. Predictably, Snapchat denied this basic flaw by saying that it's not a big deal because...

Bill Fitzgerald | October 13, 2014

In late August, I wrote about how different school districts and charter chains informed people about FERPA rights via their web sites. In the small number of schools and charter organizations reviewed, practices varied widely. Some organizations had no information obviously accessible online, where a smaller number of organizations did a pretty good job of making information about FERPA available. As a continuation of that work, I wanted to look at how parents and students are notified of their FERPA rights in the back to school paperwork. Online resources are one facet of the issue, but many districts still rely on paper forms to both gather information from families, and inform families of their rights.

In Portland Public School District in Portland, Oregon, parents received intake forms to start the new academic year. This blurb about FERPA...

Bill Fitzgerald | October 10, 2014

Remind is a free service marketed to teachers that describes itself as a "safe way for teachers to text message students and stay in touch with parents."

In this post, we will take a look at their terms of service, how they use industry standards for promoting their privacy practices, and how parents sign up. In the process, we will examine some of the holes in existing practices, and how these holes become visible in this service.

Terms

Remind doesn't collect a lot of information, but what they do collect is very valuable: because Remind collects information where parents will be informed about their children, Remind can guarantee that they are getting contact info that people use.

From Remind's Privacy Policy:

When users download and use our mobile application, we automatically collect IP address, device ID, device type, user agent browser,...

Bill Fitzgerald | October 4, 2014

While the goals of the American Federation of Teachers collaboration with Clever and ShareMyLesson remain unclear (to me, anyways), if the AFT or the National Education Association wants to increase the technological expertise of their members, they don't need an app for that. Between the 1.6 million members of the AFT, and the nearly 3 million NEA members, both organizations clearly have technological, pedagogical, and training expertise within their current membership.

If AFT and NEA want to support their members in becoming more effective at using online tools, rather than focusing on applications, why not shift the focus onto asking good...

Bill Fitzgerald | October 4, 2014

On Friday, Benjamin Herold wrote a piece where he outlined the new collaboration between ShareMyLesson and Clever, and how the American Federation of Teachers is backing this collaboration. His piece also stated that connections with Clever could support OER creators. There were a few elements that seemed off in both the deal, and in how it was being described. This piece looks at Clever, ShareMyLesson, and OER, and breaks down some of the implications of the collaboration.

Clever

Clever collects data. Clever specifies ways in which they can share data. Clever can change terms of service at any point, with no notice, meaning that the terms you agree to...

Bill Fitzgerald | October 2, 2014

Reading Privacy Policies and Terms of Service can be a mind numbing task, but the process of reviewing how an organization describes basic relationships with people can tell you a lot about how the company works, and the company culture. In this post, I will use "privacy policy" and "terms of service" interchangeably. When I use either term, I mean, "the combined policies that describe the rules for using a site, and how the owner of the site can treat you."

If you want a quick primer on policy and practice before reading privacy policies, two useful resources are https://tosdr.org and the opening section (titled "Statutory Framework") of the Fordham CLIP study (pdf) on privacy and cloud computing. TOS;DR or Terms of Service; Didn't Read gives a great overview of the structure of privacy policies used...

Bill Fitzgerald | September 29, 2014

A few weeks back I was part of a panel discussion on lessons learned from inBloom with Virginia Bartlett (who was CPO for inBloom) and Omer Tene.

Jedidiah Bracy has a writeup on the session that is pretty solid; this piece adds in some details and expands on some thoughts that might have fallen through the cracks during the panel. While the conversation covered a lot of ground, we only had an hour, which is barely enough time to scratch the surface.

Here are some of the details that were touched on in the conversation, with some additional comments. This list is by no means complete, but these are some of the thoughts I've been coming back to since the panel.

inBloom Was A New Vendor In A...

Bill Fitzgerald | September 24, 2014

These questions are a starting point in getting a sense of how your school or district understands and responds to issues of student privacy.

Also, in looking at privacy and data storage, it will likely become necessary to differentiate between data that is considered an "educational record" and data that is not considered an educational record. The definition of educational records is part of FERPA. Under FERPA, parents also have rights to review and challenge data that is collected and stored as part of an educational record.

Other data will likely be covered under district policy and/or a vendor terms of service.

With that said, here are some questions to jumpstart the conversation:

  • Ask for a list of vendors who get educational records covered under FERPA.
  • Ask for a list of vendors who get student data that is not considered an educational record.
  • Ask to see executed legally binding contracts between the school (or district...
Bill Fitzgerald | September 23, 2014

Bias in schools manifests itself in various ways, ranging from the school to prison pipeline, disparate discipline based on race starting in preschool, to corporal punishment applied to students of color, to higher diagnoses of learning differences based on race, to teachers showing stunning disrespect toward their students and communities...

Bill Fitzgerald | September 22, 2014

A couple weeks back, I put out a post on the Terms of Service and Privacy Policy of ClassDojo. For background context to this post, please read the comment thread in response to the original. One of the commenters was Sam Chaudhary, the co-founder of ClassDojo. He made some excellent points in his comment, and I wanted to be sure to respond. Toward that end, and toward not having the dialogue get lost in the comment threads, I pulled this response into a new post. Sam's comments are included as quoted text, and my responses follow.

Bill, hey! This is Sam, co-founder of ClassDojo. Thank you for such a thoughtful post and some excellent feedback; I wanted to chime in with a few thoughts - all of us in education are trying to do the best we can for students, and that is good common ground to start from!

Hello,...

Pages

Subscribe to FunnyMonkey Blog